package hotboxr::Auth::Credential;
use strict; use warnings;

use base qw/Class::Accessor::Fast/;
BEGIN {
    __PACKAGE__->mk_accessors(qw/auth _config realm/);
}

sub new {
    my ($class,$config,$app,$realm) = @_;
    my $self = { _config => $config };
    bless $self, $class;
    $self->realm($realm);

    $self;
}

sub authenticate {
    my ($self,$c,$realm,$authinfo) = @_;

    $self->realm($realm) if $realm;

    for my $p (qw/session_key username password/) {
        $authinfo->{$p} = $c->req->param($p) if !$authinfo->{$p};
    }
    $authinfo->{ip_address} = $c->req->address;

    my $user = eval { $realm->find_user($authinfo,$c->model('Mongo'),$c->config->{crypt_key}); };
    if ($@) { $c->log->warn("Error on auth: $@"); return undef;}
    elsif (!defined $user) { $c->log->warn("authenticate did not get user object back"); return undef; }
    return $user;
}
1;
